#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    4
    Rep Power
    0

    How to save dynamic textbox to database using PHP


    I have here my JS script that dynamically add three textbox when the user click the button 'Add item'. The three textbox have different fields when saved in database. But it seems that in my PHP code it doesn't catch any value from the textbox. In the database it only shows 'Array'. Please help me! Thanks!

    Code:
    <script language="javascript">
    row_no=0;
    function addRow(tbl,row){
    row_no++;
    if (row_no<=20){
        if (row_no<=20){
    if (row_no>=10){
    var textbox  = row_no+'.)&nbsp;<input type="text" size = "50"  maxlength= "50" name= "desk_user[]">';}
    if (row_no<10){
    var textbox  = row_no+'.  )&nbsp;<input type="text" size = "20"  maxlength= "50" name= "desk_user[]">';}
    var textbox2 = '<input type="text" size = "60" maxlength= "250" name= "desk_report[]">';
    var textbox3 = '<input type="text" size = "60" maxlength= "250" name= "desk_action[]">';
    
    var tbl = document.getElementById(tbl);
    var rowIndex = document.getElementById(row).value;
    var newRow = tbl.insertRow(row_no);
    var newCell = newRow.insertCell(0);
    newCell.innerHTML = textbox;
    var newCell = newRow.insertCell(1);
    newCell.innerHTML = textbox2;
    var newCell = newRow.insertCell(2);
    newCell.innerHTML = textbox3;
    }
    if (row_no>20){
    alert ("Too Many Items. Limit of 20."); 
    }
    }
    }
    
    </script>
    My PHP code:

    Code:
    <?php
    
    $con = mysql_connect ("localhost","root","nasi") or die
    ('cannot connect to database error: '.mysql_error());
    
    
    if (isset($_POST['desk_user']) &&
    isset($_POST['desk_report']) &&
    isset($_POST['desk_action']))
    {
    
    $desk_user = $_POST['desk_user'];
    $desk_report = $_POST['desk_report'];
    $desk_action = $_POST['desk_action'];
    
    if (!empty($desk_user)&& !empty($desk_report)&& !empty($desk_action)) {
    
    mysql_select_db("csr", $con);
    $sql = "INSERT INTO `desktoplaptop` (`desk_user`,`desk_report`,`desk_action`) VALUES ('$_POST[desk_user]','$_POST[desk_report]','$_POST[desk_action]') ";
    
    if ($sql_run = mysql_query($sql)) {
                                echo 'ok.'; 
                                    }
                            else {
                                        echo '*Sorry, we couldn\'t register you at this time. Try again later.';
                                        }
    }
    
    }
    
    ?>
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    well, the database values are correct in that $_POST['desk_user'], $_POST['desk_report'] etc. are indeed arrays. That's the whole point of appending "[]" to the field names.

    Maybe I misunderstood you the last time, but I thought you wanted to insert all rows to the database. This is achieved by putting "desk_user" etc. into arrays, looping over the arrays and then inserting each one.

    See my explanation where I use a "for" loop.

    Another big problem is that you completely ignore security. When you simply dump the POST parameters into the query string, you allow every user to manipulate the query in pretty much any way (called SQL injection). You have to escape the values with mysql_real_escape_string(). Or even better: Drop the obsolete mysql_ functions and use one of the modern APIs which support prepared statements.

IMN logo majestic logo threadwatch logo seochat tools logo